2.6.31-stable review patch. If anyone has any objections, please let us know.

------------------From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

commit 3891959846709a19f76628e33478cd85edb0e79f upstream.

When searching through the global authentication tokens for a given keysignature, verify that a matching key has not been revoked and has notexpired. This allows the `keyctl revoke` command to be properly used onkeys in use by eCryptfs.